04-17-2014 04:02 PM
We have 2 data centers: one is main, the other is backup.
Users connect through the VPN firewalls at either main or backup; both VPN firewalls' IPs are added to a particular URL which we use to connect to the VPN.
At some sites we are facing the VPN error "Untrusted VPN Server Blocked". When we uncheck the box (block connections to untrusted servers), we are able to connect, but we have to select "Connect Anyway" multiple times. How can we remove this "Connect Anyway" error?
Could you guys help me on this please.
We are using Cisco AnyConnect.
Thanks,
Sahib
04-17-2014 04:36 PM
Do both ASAs have certificates issued to their FQDN and does either use a SAN (Subject Alternative Name)?
It is generally recommended to use the FQDN in the URL and make sure that it matches the FQDN in the installed certificate. When you do that (and use a trusted issuing CA) you generally shouldn't have certificate trust issues.
04-17-2014 11:31 PM
As Marvin mentioned, it is recommended to have a certificate generated from a trusted CA. But from my experience many people do not do this because it costs some money.
I am not sure, but if you import your root certificate (self-signed) into the Trusted Root store on the machines where you have AnyConnect installed, then the VPN client should trust your certificate and should not warn you that you are connecting to an untrusted site.
HTH,
Jan
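The name check behind the advice in this thread to match the URL's FQDN to the certificate, shown as an added example that is not part of any post here and not AnyConnect's own code. It applies the general RFC 6125-style matching rule to certificate fields in the dict layout returned by Python's `ssl.getpeercert()`; all hostnames, IPs and certificates are constructed for illustration.

```python
import ipaddress

def _dns_match(pattern, host):
    """RFC 6125-style match: '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert, target):
    """True if the certificate is valid for the name or IP typed into the client."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target only matches an "IP Address" SAN, never a DNS name.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in sans)
    dns = [v for k, v in sans if k == "DNS"]
    if not dns:
        # Legacy fallback to the subject CN; some modern clients no longer do this.
        dns = [v for rdn in cert.get("subject", ())
               for k, v in rdn if k == "commonName"]
    return any(_dns_match(d, target) for d in dns)

# Constructed sample certificates (hypothetical names, documentation IP range).
MAIN = {"subject": ((("commonName", "asa-main.example.com"),),),
        "subjectAltName": (("DNS", "asa-main.example.com"),)}
BACKUP = {"subject": ((("commonName", "asa-backup.example.com"),),)}
SHARED = {"subject": ((("commonName", "vpn.example.com"),),),
          "subjectAltName": (("DNS", "vpn.example.com"),
                             ("DNS", "asa-main.example.com"),
                             ("DNS", "asa-backup.example.com"))}

def audit(certs, targets):
    """Map (certificate label, target) to whether that target passes the name check."""
    return {(label, t): cert_covers(c, t)
            for label, c in certs.items() for t in targets}

if __name__ == "__main__":
    certs = {"main": MAIN, "backup": BACKUP, "shared-san": SHARED}
    targets = ["vpn.example.com", "asa-main.example.com", "192.0.2.10"]
    for (label, target), ok in audit(certs, targets).items():
        print(f"{label:10} {target:22} {'match' if ok else 'NAME MISMATCH'}")
```

A per-device certificate fails the check for the shared URL name and for a bare IP, while one certificate whose SAN lists the shared name passes on both firewalls. Name matching is separate from issuer trust, so a self-signed certificate still needs its root in the client's trusted store.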